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AMENDMENTS TO THE CLAIMS 

The listing of claims will replace all prior versions, and listings, of claims in the 
application: 
liisting of Claims: 

1. (Original) In a client system that includes various client system components, 
and that is conGgurcd to receive one or more scripts from one or more script sources, the client 
system also includmg one or more objects that are configured to control properties and features 
of the client system components, a method of selectively granting or denying a script access to 
one or more of the objects, comprising acts of: 

receiving, at the client system, a script from a script source, the script requesting 
access to a particular system object; 

accessing an access control data structure that is indqiofident of tlie script and 
making a determination that the script is authorized to access the particular system object 
based on one or more permissions that are associated witli Oie script source and the 
particular system within the access control data structure; 

selectively granting the script access to the particular system object based on the 
determination. 
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2. (Original) A method as defined in claim 1 , wherein: 

the method further comprises an act of storing, at the client system the access 
control data structure, wherein the access control data structure includes having one or 
more entries, each entry being associated with an object and including a source identifier 
representing one or more inforaiation sources and a permission identifier defining a 
penntssion; and 

the act of making the detennination comprises acts of: 

identifying an entry of the access control data structure that is associated 

with the particular object and has a source identifier representing the information 

source from which the script has been received; and 

applying the permission defined by the permission identifier included in 

the identified entry to the script. 

3. (Original) A method as defined in claim 1, wherein the particular object is a 
document object relating to a document displayed by the browser. 

4* (Original) A method as defined in claim 1, wherein the particular object is a 
browser object relating to the browser other than any document displayed by the browser. 

S. (Original) A method as defined in claim 1, wherein the particular object is a 
system object relating to a component of the client system other than the browser and any 
document displayed by the browser* 
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6. (Currently Amended) In a client system that includes various client system 
components, and that is configured to receive one or more scripts from one or more script 
souTces, the client system also including one or more objects that are configured to control 
properties and features of the client system components, a mefliod of selectively granting or 
denying a script access to one or more of the objects, comprising acts of: 

storing at the client system an access control data stmcturc having one or more 
entries, each entry being associated with an object for which access is to be controlled 
and including a source identifier representing one or more script sources and a permission 
identifier defining a permission; 

receiving a script from a particular script source, wherein the script, if fiiUy 
executed by the browser, would request access to a particular object; 

identifying on entry of the access control data structure that is independent of the 
script and that is associated with the particular object and has a source identifier 
representing the particular script source; and 

applying the permission defmed by the permission identifier included in the 
identified entry to the scrip t^ such that access by the script to the particular object is based 
upon one or more permissions tliat are associated with the script source and the particular 
system ob jec t and that are independent of the script . 

7. (Original) A method as defmed in claim 6, wherein the identified entry is 
associated with and controls access to only one system object. 

8. (Original) A method as defined in claim 6, wherein the applied permission is 
a write permission, the method fiirther comprising: 

an act of executing the script such that the script accesses the particular object; 

and 

an act of modifying tlie particular object by tlie script 
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9. (Original) A method as defined in claim 6, wherein the applied permission 
specifies tliat access to the particular object by the script is denied, the method further 
comprising an act of denying the script access to the particular object. 

10. (Original) A method as defined in claim 6, wherein the source identifier 
corresponds to a universal resource locator of the one or more script sources that the source 
identifier represents. 

1 1 . (Original) A method as defined in claim 1 0, wherein the act of identifying an 
entry of the access control data structure comprises an act of comparing the source identifiers of 
the entries witli the universal resource locator of the script source. 
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12. (Original) A method as defined in claim 6, wherein the script, if fiilly 
executed, would request access to at least two system objects, including the particular object and 
a second object, the method further comprising acts of: 

identifying a second entty of the access control data structure, wherein the second entry is 
associated with the second object the source identifier of tlie second entry represents the 
particular script source; and 

applying tlie permission defined by the permission identifier included in the 
second entry to the script such that access by the script to the second object is controlled. 

13. (Original) A method as defined in claim 12, wherein the permission defined 
by the pormission identifier included in the identified entry is different than the permission 
defined by the permission identifier included in the second entry. 

14. (Original) A method as defined in claim 6, further comprising acts of: 

receiving a second script firom the particular script source^ wherein the second script, if 
fiiliy executed by the browser, would request access to a second object; 

identifying a second entry of the access control data structure^ wherein the second 
entry is associated with the second object and the source identifier of the second entry 
represents the particular script source; and 

applying the permission defined by the permission identifier included in the 
second entry to the second script such that access by the second script to the second 
object is controlled. 

15. (Original) A method as defined in claim 14, wherein the permission defined 
by tlio permission identifier included in the identified entry is different than the permission 
defined by tlic permission identifier included in the second entty, 
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16, (Original) A computer program product for use in a client system that 
includes various client system components^ and that is configured to receive one or more scripts 
from one or more script sources, the client system also including one or more objects that are 
configured to control properties and features of the client system components, the computer 
program product comprising: 

one or more computer-readable media having computer-executable instructions 
for implementing a method of selectively granting or denying a script access to one or 
more of the objects, comprising acts of: 

receiving, at the client system, a script from a script source, the script 
requesting access to a particular system object; 

accessing an access control data structure that is independent of the script 
and making a determination that the script is authorized to access the particular 
system object based on one or more permissions that are associated with the script 
source and the particular system within the access control data structure; 

sctcctively granting the script access to the particular system object based 
on the determination. 
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17. (Original) A computer program product as recited in claim 16, wherein: 

the method further comprises an act of storing, at the clierit system the access 
control data structure, wherein tlie access conti'ol data structure includes one or more 
entries, each entry being associated with an object and including a source identifier 
representing one or more information sources and a permission identifier defining a 
permission; and 

the act of making the determination comprises acts of: 

identifying an entry of the access control data structure that is associated 

with the particular object and has a source identifier representing the information 

source from which the script has been received; and 

applying the permission defined by the permission identifier included in 

the identified entry to the scripts 

18. (Original) A computer program product as recited in claim 17, wherein the 
applied permission is a write pemiission, the method further comprising: 

an act of executing the script such that the script accesses the particular object; 

and 

an act of modifying the particular object by the script. 

19. (Original) A computer program product as recited in claim 17> wherein the 
source identifier corresponds to a universal resource locator of tlie one or more script sources 
that the source identifier represents. 

20. (Original) A computer program product as recited in claim 17, wherein the 
act of identifying an entiy of the access control data structure comprises an act of comparing the 
source identifiers of tlie entries with the universal resource locator of the script source. 

21. (Original) A computer program pi-oduct as recited in claim 16, wherein the 
particular object is a document object relating to a document displayed by the browser. 
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22. (Original) A computer program product as recited in claim 16, wherein the 
particular object is a browser object relating to the browser other than any document displayed 
by the browser. 
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